From e4b13b9df1b5468ea4574beeb3e374ea8326c65c Mon Sep 17 00:00:00 2001
From: Greg DiCristofaro
Date: Thu, 30 Apr 2020 13:17:25 -0400
Subject: [PATCH] worked through kdb parser and integration

---
 .../modules/hashdatabase/HashSetParser.java | 2 +-
 .../ImportCentralRepoDbProgressDialog.java | 7 +--
 .../hashdatabase/KdbHashSetParser.java | 48 +++++++++++++++----
 3 files changed, 45 insertions(+), 12 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashSetParser.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashSetParser.java
index 9bd77717ce..e4b5d55632 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashSetParser.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashSetParser.java
@@ -55,7 +55,7 @@ interface HashSetParser {
 /**
 * Get the next hash to import as a HashEntry object.
 *
- * @return A new hash entry for the next item parsed or null if no more items.
+ * @return A new hash entry for the next item parsed.
 * @throws TskCoreException
 */
 default HashEntry getNextHashEntry() throws TskCoreException {
diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/ImportCentralRepoDbProgressDialog.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/ImportCentralRepoDbProgressDialog.java
index 355f509a37..d626bd5c98 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/ImportCentralRepoDbProgressDialog.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/ImportCentralRepoDbProgressDialog.java
@@ -41,6 +41,7 @@ import org.sleuthkit.autopsy.coreutils.Logger;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.datamodel.TskData;
 import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository;
+import org.sleuthkit.datamodel.HashEntry;
 
 /**
 * Imports a hash set into the central repository and updates a progress dialog
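Review bot: In HashSetParser.java the revised `@return` drops "or null if no more items" without replacing it, so the javadoc no longer says what `getNextHashEntry()` does once the set is exhausted, and `@throws TskCoreException` still has no description. The KdbHashSetParser implementation later in this patch throws when `resultSet.next()` is false, so I would state that in the contract: `@throws TskCoreException if the next entry cannot be read, including when no entries remain`. The default method's body is outside the hunk, so confirm it never returns null before relying on the new wording; the caller in ImportCentralRepoDbProgressDialog still tests `newHash != null`.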
@@ -250,14 +251,14 @@ class ImportCentralRepoDbProgressDialog extends javax.swing.JDialog implements P
 return null;
 }
 
- String newHash = hashSetParser.getNextHash();
+ HashEntry newHash = hashSetParser.getNextHashEntry();
 
 if (newHash != null) {
 CentralRepoFileInstance eamGlobalFileInstance = new CentralRepoFileInstance(
 referenceSetID.get(),
- newHash,
+ newHash.getMd5Hash(),
 knownStatus,
- "");
+ newHash.getComment() != null ? newHash.getComment() : "");
 
 globalInstances.add(eamGlobalFileInstance);
 
diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/KdbHashSetParser.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/KdbHashSetParser.java
index 46eee12b6e..d9b29b257c 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/KdbHashSetParser.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/KdbHashSetParser.java
@@ -20,9 +20,12 @@ package org.sleuthkit.autopsy.modules.hashdatabase;
 
 import java.sql.Connection;
 import java.sql.DriverManager;
+import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.sql.Statement;
+import java.util.ArrayList;
+import java.util.List;
 import java.util.logging.Level;
 import org.sleuthkit.autopsy.coreutils.Logger;
 import org.sleuthkit.datamodel.HashEntry;
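Review bot: In the ImportCentralRepoDbProgressDialog hunk, `newHash` now holds a `HashEntry` rather than a hash string, so the name misleads at `newHash.getMd5Hash()` and `newHash.getComment()`; `hashEntry` would read correctly. The comment text now originates in the imported hash set file and is passed to `CentralRepoFileInstance` unchanged, so I would add a line such as `// comment comes from the imported hash set; treat it as unvalidated external text` above the constructor call. Whether the central repository bounds or escapes that field is not visible here. The enclosing method starts and ends outside the hunk.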
@@ -80,10 +83,28 @@ public class KdbHashSetParser implements HashSetParser {
 
 private static class HashRow {
 private final String md5Hash;
- private
+ private final long hashId;
+
+ HashRow(String md5Hash, long hashId) {
+ this.md5Hash = md5Hash;
+ this.hashId = hashId;
+ }
+
+ String getMd5Hash() {
+ return md5Hash;
+ }
+
+ long getHashId() {
+ return hashId;
+ }
 }
 
- private Stuff getNextHashEntry() throws TskCoreException {
+ /**
+ * Retrieves the row id and md5 hash for the next item in the hashes table.
+ * @return A hash row object containing the hash and id.
+ * @throws TskCoreException
+ */
+ private HashRow getNextHashRow() throws TskCoreException {
 try {
 if (resultSet.next()) {
 long hashId = resultSet.getLong("id");
@@ -98,10 +119,8 @@ public class KdbHashSetParser implements HashSetParser {
 }
 
 String md5Hash = sb.toString();
- return new
-
 totalHashesRead++;
-
+ return new HashRow(md5Hash, hashId);
 } else {
 throw new TskCoreException("Could not read expected number of hashes from hash set " + filename);
 }
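Review bot: `HashRow` is added without a doc comment, and the new javadoc on `getNextHashRow()` leaves `@throws TskCoreException` undescribed even though the method throws when `resultSet.next()` returns false. I would put `/** An md5 hash from the hashes table paired with its row id, which getNextHashEntry() uses to look up comments. */` above the class and change the tag to `@throws TskCoreException if no row is left to read or the row cannot be read`. The body of `getNextHashRow()` spans both hunks on this line and continues outside them, so the SQL error path is inferred rather than visible.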
@@ -118,13 +137,26 @@ public class KdbHashSetParser implements HashSetParser {
 */
 @Override
 public String getNextHash() throws TskCoreException {
-
-
+ return getNextHashRow().getMd5Hash();
 }
 
 @Override
 public HashEntry getNextHashEntry() throws TskCoreException {
- return HashSetParser.super.getNextHashEntry(); //To change body of generated methods, choose Tools | Templates.
+ HashRow row = getNextHashRow();
+ try {
+ PreparedStatement getComment = conn.prepareStatement("SELECT comment FROM comments WHERE hash_id = ?");
+ getComment.setLong(0, row.getHashId());
+ ResultSet commentResults = getComment.executeQuery();
+ List comments = new ArrayList<>();
+ while (commentResults.next())
+ comments.add(commentResults.getString("comment"));
+
+ String comment = comments.size() > 0 ? String.join(" ", comments) : null;
+ return new HashEntry(null, row.getMd5Hash(), null, null, comment);
+ }
+ catch (SQLException ex) {
+ throw new TskCoreException("Error opening/reading hash set " + filename, ex);
+ }
 }
 
 
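Review bot: `getComment.setLong(0, row.getHashId())` in `getNextHashEntry()` binds parameter index 0, but JDBC parameter indexes start at 1, so the comment lookup is expected to fail on every call instead of binding `hash_id`. The `PreparedStatement` and `ResultSet` are also never closed, and this method runs once per imported hash, so open statements accumulate on the connection for the length of an import. `List comments` reads as a raw type here (the type argument may have been lost in rendering), and the unbraced `while` is easy to break on a later edit. The rewritten lookup below uses index 1 and try-with-resources.

```java
public HashEntry getNextHashEntry() throws TskCoreException {
    HashRow row = getNextHashRow();
    // try-with-resources closes the statement and result set on every call, including on failure.
    try (PreparedStatement getComment = conn.prepareStatement("SELECT comment FROM comments WHERE hash_id = ?")) {
        getComment.setLong(1, row.getHashId()); // JDBC parameter indexes are 1-based
        List<String> comments = new ArrayList<>();
        try (ResultSet commentResults = getComment.executeQuery()) {
            while (commentResults.next()) {
                comments.add(commentResults.getString("comment"));
            }
        }
        // … unchanged: join the comments and return the HashEntry …
    } catch (SQLException ex) {
        // … unchanged: rethrow as TskCoreException …
    }
}
```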